diff options
Diffstat (limited to 'common/ap_ro_integrity_check.c')
| -rw-r--r-- | common/ap_ro_integrity_check.c | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/common/ap_ro_integrity_check.c b/common/ap_ro_integrity_check.c index 86bfbbea23..f2339ddb86 100644 --- a/common/ap_ro_integrity_check.c +++ b/common/ap_ro_integrity_check.c @@ -226,10 +226,16 @@ static int verify_ap_ro_check_space(void) * ARCVE_OK if AP RO verification is supported. * ARCVE_NOT_PROGRAMMED if the hash is not programmed. * ARCVE_FLASH_READ_FAILED if there was an error reading the hash. + * ARCVE_BOARD_ID_BLOCKED if ap ro verification is disabled for the board's rlz */ static enum ap_ro_check_vc_errors ap_ro_check_unsupported(int add_flash_event) { + if (ap_ro_board_id_blocked()) { + CPRINTS("%s: BID blocked", __func__); + return ARCVE_BOARD_ID_BLOCKED; + } + if (p_chk->header.num_ranges == (uint16_t)~0) { CPRINTS("%s: RO verification not programmed", __func__); if (add_flash_event) @@ -344,12 +350,11 @@ static int ap_ro_info_cmd(int argc, char **argv) } #endif rv = ap_ro_check_unsupported(false); - if (rv == ARCVE_NOT_PROGRAMMED) - return EC_SUCCESS; if (rv == ARCVE_FLASH_READ_FAILED) return EC_ERROR_CRC; /* No verification possible. */ + /* All other AP RO verificaiton unsupported reasons are fine */ if (rv) - return EC_ERROR_UNKNOWN; + return EC_SUCCESS; ccprintf("sha256 hash %ph\n", HEX_BUF(p_chk->payload.digest, sizeof(p_chk->payload.digest))); |